s4-pipes: convert pipe names to lowercase and validate

clients may provide arbitrary names, but we only want lowercase alnum
names

diff --git a/source4/ntvfs/ipc/vfs_ipc.c b/source4/ntvfs/ipc/vfs_ipc.c
index 0cd909e3514440f462b25bab7debda010ade0cd5..3a27b8d7b0cfab082b7f3c407957a1f76ae7bd4d 100644 (file)
--- a/source4/ntvfs/ipc/vfs_ipc.c
+++ b/source4/ntvfs/ipc/vfs_ipc.c
@@ -39,6 +39,7 @@
 #include "auth/credentials/credentials.h"
 #include "auth/credentials/credentials_krb5.h"
 #include <gssapi/gssapi.h>
+#include "system/locale.h"
 
 /* this is the private structure used to keep the state of an open
    ipc$ connection. It needs to keep information about all open
@@ -221,6 +222,18 @@ struct ipc_open_state {
 
 static void ipc_open_done(struct tevent_req *subreq);
 
+/*
+  check the pipename is valid
+ */
+static NTSTATUS validate_pipename(const char *name)
+{
+       while (*name) {
+               if (!isalnum(*name)) return NT_STATUS_INVALID_PARAMETER;
+               name++;
+       }
+       return NT_STATUS_OK;
+}
+
 /*
   open a file - used for MSRPC pipes
 */
@@ -275,6 +288,12 @@ static NTSTATUS ipc_open(struct ntvfs_module_context *ntvfs,
 
        while (fname[0] == '\\') fname++;
 
+       /* check for valid characters in name */
+       fname = strlower_talloc(p, fname);
+
+       status = validate_pipename(fname);
+       NT_STATUS_NOT_OK_RETURN(status);
+
        p->pipe_name = talloc_asprintf(p, "\\pipe\\%s", fname);
        NT_STATUS_HAVE_NO_MEMORY(p->pipe_name);